On February 13, 2020, the former Minister of the Cabinet of Ministers of Ukraine and one of the co-founders of MONOBANK proudly announced on his Facebook page the "victory of the week": the connection of all major government bodies to the check.gov.ua service. This was supposed to mean that "Ukrainians would no longer need to waste time bringing bank payment receipts to these bodies."
The logic of the service is very simple: the bank or financial institution that processes customer payments as instructed provides each transaction with a unique code, which, along with limited transaction details, is transmitted to the government service. Unfortunately, the list of institutions connected to the service is quite limited.
The receipt code is a 16-digit alphanumeric string of characters that connected institutions indicate in each receipt. In fact, the payer doesn’t even need to send the entire receipt as a PDF document to the recipient. It is enough to send just the code.
It seemed like a really useful implementation. And it was. But could Mr. Dmitry, back in 2019, have imagined that he was creating a tool that would later become an additional tool for fraudsters?
Are you intrigued as to what this is about? You’ll understand in a few minutes.
Indeed, the implemented service is very useful: enter the name of the institution that made the payment and the receipt code into the corresponding field on the website, and you can be sure that the money is already with the recipient. It’s like "put on and forget." This was especially useful for those payers who actively used MONOBANK cards for P2P transfers (for reference – MONOBANK was one of the first banks to connect to the check.gov.ua service).
But life can make its own corrections.
In November 2024, the National Bank of Ukraine (NBU) introduced significant temporary limits on P2P transfers to strengthen control over the movement of money. There aren’t enough limits, but transfers still need to be made? Therefore, MONOBANK clients who do not have enough monthly transfer limits of 150,000 UAH must use payments with IBAN through the NBU’s interbank payment system (SEP).
However, while a card-to-card transfer was completed in a matter of seconds, an interbank transfer through SEP takes 30-60 minutes (and, according to regulations, it can take up to 3 days), significantly slowing down the money turnover. And it seemed that, with the check.gov.ua service, you wouldn’t need to wait for the money sent from MONOBANK to arrive in the recipient’s account! Just check the receipt from the payer and hand over the payment for which they were waiting. But it's not as simple as it seems.
It is assumed that after a payment with IBAN, a receipt is generated in the MONOBANK app that passes verification on the aforementioned service. However, the app also allows for the payment to be canceled within 10 minutes after it’s made with IBAN details! This means that a fraudster makes an interbank transfer from MONOBANK, generates a receipt, which successfully passes verification on the government service, and provides the recipient with the receipt number. The recipient checks the receipt and is confident that the money will arrive within an hour. Then the fraudster cancels the payment (within 10 minutes), and the supposedly sent money is returned to the fraudster’s account, while the receipt previously provided to the recipient disappears from the government service’s database.
A request to MONOBANK’s support service about how such a situation is possible – the appearance of payment receipts on the government receipt verification site before the money is actually sent to the recipient’s bank and the possibility of receipts disappearing after they are generated in the MONOBANK app – led to nothing: the "care service" specialists pretend not to understand what is being asked.
Therefore, dear readers, be very careful when you are provided with a payment receipt from MONOBANK for IBAN details. Don’t be misled by requests to speed up the transactions. Wait for the actual crediting of the funds to your account, which will appear in your account statement.